THE PHILIPPINES—The bank hack which saw millions of pesos stolen on Philippines’ Independence Day in June was the handiwork of a Nigerian fraud ring, investigative authorities have claimed in The Philippines.
In the heavy bank heist spanning three days, the hackers used a combination of online transfers and 57 ATM withdrawals to divert funds from government-controlled United Coconut Planters Bank (UCPB).
Bank officials disclosed Tuesday that a total of P167 million was plundered during the hack—over N1.3 billion.
Officials investigating the fraud claim the hackers are Nigerians working with Filipino accomplices, though investigation has yet to be completed.
“Some of them (Nigerians) were under government watch list of potentially suspicious personalities,” Business Inquirer reports.
The perpetrators of the heist were considered having bypassed built-in computer safeguard, making the 57 withdrawals from a single ATM.
“We checked the videos of the ATMs, the persons making the withdrawals were Black,” one investigative official said, adding that Philippines’ National Bureau of Investigation identified said persons as Nigerians.
Authorities still looking at the possibility of a bigger crew operating in the local banking technique, as some funds stolen were transferred through an online money transfer facility to accounts in other local banks, from where they were withdrawn.
One of the bank officials who claimed anonymity said the hackers created 13 bank accounts with UCPB a month earlier and left them dormant until the heist a month later.
A ranking government official who was briefed about the heist said vulnerability of the UCPB started when the bank decided to upgrade its two-decades-old information technology system from another service provider, to a new one offered by Microsoft.
After the heist, it was discovered that the hackers used this upgrade window to insert malware into UCPB’s computer systems, using an email attachment because, according to one of the officials, there were no safeguards during the transition period.
Authorities say the installed malware gave the hackers access to manipulate UCPB’s system and successfully lift ATM withdrawal limit from the equivalence of N156,000 naira a day to over a million naira.
Officials say the hackers were also able to manipulate Instapay because those were real-time transactions, especially as the cyber theft happened on a weekend.
Source: Nigerian Abroad